<?php
$message = '';
$db = new mysqli('localhost', 'root', 'root', 'rashidStone');
if($db->connect_error) {
    $message = $db->connect_error;
} 

// escape variables for security
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$birth = $_POST['birthday'];
$gender = $_POST['sex'];
$email = $_POST['email'];
$state = $_POST['state'];
$year = $_POST['grade'];
$type = $_POST['type'];
$username = $_POST['username'];

$sql="INSERT INTO User (FirstName, LastName, Username, BirthDate, Gender, EmailAddress, State, SchoolYear, Type)
VALUES ('$firstname', '$lastname', '$username', '$birth', '$gender', '$email', '$state', '$year', '$type')";

if (!mysqli_query($db,$sql))
{
  die('Error: ' . mysqli_error($db));
}

$sql = "SELECT User.UserID FROM User WHERE User.Username = '$username'";
$result = $db->query($sql) or die('Error connecting to database');
$user_id = $result->fetch_assoc();
$user_id = $user_id['UserID'];

$sql = "SELECT Tag.TagID FROM Tag WHERE Tag.Name = '$type'";
$result = $db->query($sql) or die('Error connecting to database');
$tag_id = $result->fetch_assoc();
$tag_id = $tag_id['TagID'];

    $sql = "INSERT INTO TagAssignment(TagID, UserID) VALUES ('$tag_id', '$user_id')";
    $db->query($sql);

    




echo "1 record added";

mysqli_close($db);